The announcement added that the US had worked with allies and partners to identify the source of the hacks, which “cost governments and businesses billions of [US] dollars in stolen intellectual property, ransom payments, and cybersecurity mitigation efforts, all while the MSS had them on its payroll”.

China’s embassy in Washington called its allegations of cyberespionage “irresponsible”, “ill-intentioned” and lacking in evidence.

“The Chinese government and relevant personnel never engage in cyberattacks or cyber theft,” embassy spokesman Liu Pengyu said. “We urge the US to immediately stop its ‘empire of hacker’ campaign and stop illegally damaging other countries’ interests and security.”

“US allies must also remember that the US agencies have been engaging in large-scale, organised and indiscriminate cyber intrusion, surveillance and monitoring activities on foreign governments, institutions, enterprises, universities and individuals, including on its allies,” Liu said.

From US to Asia, thousands of organisations fall victim to Microsoft email hack

Asked why Washington had not announced any sanctions along with the cyber hacking allegations, White House press secretary Jen Psaki said the inclusion of Nato in Monday’s chorus of denunciations represented an escalated response.

“I would note that we are actually elevating and taking steps to not only speak out publicly, but certainly take action as it relates to problematic cyber activities from China – in a different way, but as we have from Russia as well,” she said.

Multiple federal agencies issued warnings to subnational government authorities, operators of critical infrastructure and private companies on Monday to take extra precautions to adapt to the evolving capabilities of hackers working with the Chinese government.

“Chinese state-sponsored cyber actors remain agile and cognisant of the information security community’s practices,” the Cybersecurity & Infrastructure Security Agency (CISA) said in an alert. “These actors take effort to mask their activities by using a revolving series of virtual private servers (VPSs) and common open-source or commercial penetration tools.”

CISA added: “Chinese state-sponsored cyber actors consistently scan target networks for critical and high vulnerabilities within days of the vulnerability’s public disclosure. In many cases, these cyber actors seek to exploit vulnerabilities in major applications, such as Pulse Secure, Apache, F5 Big-IP, and Microsoft products.”

The Information Technology & Innovation Foundation (ITIF), a Washington-based policy think tank that is financially supported by a wide range of technology companies including Microsoft, aircraft maker Boeing and Shenzhen-based drone maker DJI, issued a statement welcoming the Biden administration’s announcement.

“Hacking practices backed by the Chinese government have been ignored on the international stage for years – treated as something not to be mentioned in polite company,” said Daniel Castro, ITIF vice-president. “But the Biden administration’s move to publicly accuse China of a recent cyberattack suggests that Beijing’s free pass is over.

“It’s not clear that naming and shaming will be enough, though,” Castro added. “If China continues to brazenly back cyberattacks against its trading partners, the United States and its allies should escalate their response.”

Proposed WHO Covid-19 origins study ‘inconsistent’ with China’s position

The British government announcement said the cyberattacks targeted more than 250,000 servers worldwide.

Separately, the US Justice Department said it had charged four mainland Chinese with establishing a front company, Hainan Xiandun Technology Development, a now-disbanded business that allegedly worked with the Hainan State Security Department (HSSD) to carry out cyber espionage schemes that targeted users in 12 countries including the US, Britain, Canada, Indonesia, Malaysia and Saudi Arabia.

The Justice Department statement claimed that HSSD officers Ding Xiaoyang, Cheng Qingmin and Zhu Yunmin managed a network of computer hackers and linguists at Hainan Xiandun and other MSS front companies “to conduct hacking for the benefit of China and its state-owned and sponsored instrumentalities” and that the operation was run out of China’s southeastern island province of Hainan to “obfuscate the Chinese government’s role”.

Wu Shurong, as part of Hainan Xiandun, was accused of hacking into computer systems and supervising other hackers.

Stolen trade secrets and information included technologies used for submersibles and autonomous vehicles, commercial aircraft servicing, genetic-sequencing technology and data, and foreign information to support efforts to secure contracts for state-owned enterprises looking to build high-speed railways and other development projects in third countries, the Justice Department alleged.

01:29

US indicts Chinese men for hacking related to coronavirus vaccine data and defence secrets

US indicts Chinese men for hacking related to coronavirus vaccine data and defence secrets

At research institutes and universities, the conspiracy targeted infectious-disease research related to Ebola, Mers, HIV/Aids, Marburg and tularaemia, according to the Justice Department.

“Widespread, credible evidence demonstrates that sustained, irresponsible cyber activity emanating from China continues,” said the British government statement. “The Chinese government has ignored repeated calls to end its reckless campaign, instead allowing its state-backed actors to increase the scale of their attacks and act recklessly when caught.”

‘Competition over cooperation’ leaves regular US-China talks up in the air

“The EU and its member states, together with partners, expose malicious cyber activities that significantly affected our economy, security, democracy and society at large,” it said. “The EU and its member states assess these malicious cyber activities to have been undertaken from the territory of China.

“We have also detected malicious cyber activities with significant effects that targeted government institutions and political organisations in the EU and member states, as well as key European industries,” the EU Council said.

“These activities can be linked to the hacker groups known as Advanced Persistent Threat 40 and Advanced Persistent Threat 31 and have been conducted from the territory of China for the purpose of intellectual property theft and espionage.”

Accusations by the US, the EU and other Western countries directed at China and Russia have become increasingly fierce as cyberspace has become a key area of competition and confrontation between Beijing and countries aligned with Washington, according to Shi Yinhong, a professor of international relations at Renmin University.

“With the increasing importance of information technology in the international community, confrontation in this area has become more important and will become more important in the future,” Shi said.

In an indication of this stronger stance, Norway’s Foreign Minister Ine Eriksen Søreide told reporters on Monday that she summoned a Chinese diplomat to protest against the “unacceptable” Microsoft Exchange cyberattack, which she said included the IT systems of her country’s parliament.

“We clearly told them that this sort of attack is unacceptable,” Agence-France Presse quoted Eriksen Søreide as saying.

China’s MSS and other parties in the county has been at the centre of other alleged high-profile cyberattacks in the US.

In 2019, a US federal grand jury charged Chinese national Wang Fujie in a hacking campaign described by the Justice Department at the time as “one of the worst data breaches in history”, an effort that yielded the personal data of 78 million people.

Additional reporting by Owen Churchill and Amber Wang